New Apple iOS Already Vulnerable To Jailbreaking Hacks

Hackers at Redmond Pie outlined details of the Pwn tool allowing users to jailbreak the latest iOS, version 4.3.4. However, one mitigating factor is that the jailbreak hack does not apply to the iPad 2.

Jailbreaking allows users to circumvent security mechanisms in Apple’s mobile devices such as iPhones and iPads running iOS, to run applications not authorized by Apple’s App Store.

“Apple has just pushed out iOS 4.3.4 for the iPhone, iPad and the iPod touch. And thankfully, we have cooked custom PwnageTool bundles which allows you to jailbreak any device (except for iPad 2) running iOS 4.3.4, and at the same time preserve your baseband for an Ultrasn0w unlock later on,” said Redmond Pie’s Uzair Ghani in a blog post.

Thus far the jailbreak is tethered, indicating that users will need to reboot their iOS device by physically connecting it to their computer in order to maintain the jailbroken state.

“No matter how annoying it may sound, it’s better than having no jailbreak at all,” Ghani said.

The latest jailbreaking hack was revealed Friday, the same day Apple issued a security update repairing a critical PDF flaw in the mobile Safari browser that left devices, such as iPhone, iPad and iPod touch, running on its iOS, susceptible to attack.

The update repaired the PDF flaw, which stemmed from a buffer overflow issue occurring in the way the iOS parses fonts in Apple’s mobile Safari browser. The update also patched another vulnerability in the iOS, which allowed hackers to bypass Apple’s ASLR (address space layout randomization), a security feature that involves random position arrangement of key data areas that make it more challenging for hackers to predict target addresses and launch attacks.

However, in addition to enabling jailbreaking hacks, researchers at Germany’s security agency, known as BSI, found that the PDF vulnerability also could be used by cyber criminals to distribute malware via users’ iPhones, iPads and iPod touches .

The iOS PDF flaw became widely publicized after hackers disclosed the latest release of the JailbreakMe framework, version 3.0, on the JailbreakMe Web site.

In an attack scenario, cyber criminals could create a malicious PDF distributed via a link embedded over e-mail or social networking site. Users would unknowing install malware by opening the link or the PDF file while running the Safari browser. Attackers could then access users’ personal or financial data stored on their iPhones or iPads, including online banking information, credit card numbers, text messages, calendars, e-mails and passwords. They could also exploit the flaw to intercept users’ phone conversations and locate and track users via the iPhone’s GPS capabilities.

Thus far, security researchers have not detected any malicious exploits in the wild targeting the iOS flaws.

Meanwhile, Andrew Storms, director of security operations at security firm nCircle, said that iPhone’s popularity will continue to make the device a target, but added that the frequency of attacks will likely force Apple to bolster security mechanisms that make it harder for hackers to jailbreak and exploit.

“As the target market grows so are the attackers going to follow,” Storms said. “Also know that the iOS devices are the most heavily targeted mobile devices, and because of that, Apple has had researchers attack this thing. At some point in time it’s going to be the most secure device, because it has undergone so much scrutiny for so many years.”